How secure is the SurveyJS platform?
Have you performed any security vulnerability testing? If so, please share the details or confirm the existence of same.
Can you confirm that the surveys or related data never sent outside the server/network?
Please share any other security details
Hello,
Thank you for the interest in our products.
SurveyJS ecosystem consists of the following parts:
SurveyJS Library - client-side open source (https://github.com/surveyjs/surveyjs)) free (MIT) JavaScript engine to run surveys in web browsers
SurveyJS Builder (Editor) - client-side open source (https://github.com/surveyjs/editor)) commercial licensed JavaScript tool for building survey definitions
SurveyJS Service - online free service to demonstrate library/builder features
As for open source client side libraries - they are responsible of the survey visualization (SurveyJS Library) and survey designing (SurveyJS Builder (Editor)) and do not store any data. They can performs requests to an outside service to store survey results or survey definition. This is controlled by the custom JavaScript code one writes to run SurveyJS on a web site or in a web application.
Our Javascript libraries are used by many web developers and most of them are use them in their own applications and store survey definitions and results in their own databases.
As for SurveyJS Service - it stores survey definitions, survey results, uploaded files in the Azure Cloud. SurveyJS Service web was built according to the Microsoft recommendations of security settings and database organization.
Survey definitions and uploaded files are available to everyone by identifiers and direct links (GUIDS).
Survey results are available for survey owners only and can be shared (if owner allows it via setting)
SurveyJS Service doesn't sent or pass through 3-rd party services the survey results and we are not going to share results with anyone.
Please feel free to contact us in case of any further questions.
Thanks, Serge
SurveyJS Team